-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/03/2010 05:31 PM, Jason Axelson wrote: > Hi, > > I have a bash script that I've written that runs in its own domain, > let's call it my_domain_t. When I run this script, I get a denial > stating that the script was denied audit_write. But all the script is > doing when it gets this denial is printing to the screen and asking > for user input. > > From the SELinux wiki I know that audit_write allows the program to > "send audit messsages from user space". But does that mean it is able > to write to /var/log/audit/audit.log? Or more likely send a message to > the audit daemon which then appends to the audit log? > > So given that I currently don't feel any need to audit the results of > my script should I use an allow rule or something like dontaudit? > > allow my_domain_t self:capability audit_write > or > dontaudit my_domain_t self:capability audit_write > > I'm running this script on CLIP. > > Thanks, > Jason > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. Just add dontaudit rule. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyGUIsACgkQrlYvE4MpobPZxgCfU6HQw4TXYmMrrCoCcvUVNREr eMgAn3s4ks6EqSW3BDxwQ4J2A43mUmkm =Wpod -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
